The design and implementation of network puzzles

Proceedings - IEEE INFOCOM

Volumn 4, Issue , 2005, Pages 2372-2382

  Feng, Wu Chang ^a   Kaiser, Ed ^a   Feng, Wu Chi ^a   Luu, Antoine ^b  

^a PORTLAND STATE UNIVERSITY   (United States)

^b Ecole Nationale Superieure d'Electronique Informatique et Radiocommunications de Bordeaux   (France)

Author keywords

[No Author keywords available]

Indexed keywords

DISTRIBUTED DENIAL OF SERVICES (DDOS); HARSH-REVERSAL PUZZLES; NETWORK LAYERS; NETWORK PUZZLES;

NETWORK PROTOCOLS; ROUTERS; TELECOMMUNICATION SERVICES; TELECOMMUNICATION TRAFFIC;

COMPUTER NETWORKS;

EID: 25644445353     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFCOM.2005.1498523     Document Type: Conference Paper

References (56)

1. D. Moore, C. Shannon, and J. Brown, "Code-Red: A Case Study on the Spread and Victims of an Internet Worm," in Internet Measurement Workshop, November 2002.
2. S. Staniford, V. Paxson, and N. Weaver, "How to Own the Internet in Your Spare Time," in 11th USENIX Security Symposium (Security '02), 2002.
3. CERT, "CERT Advisory CA-2004-02 Email-borne Viruses," http://www.cert.org/advisories/CA-2004-02.html, 2004.
4. C. Dwork and M. Naor, "Pricing via Processing or Combatting Junk Mail," in Crypto, 1992.
5. R. Merkle, "Secure Communications Over Insecure Channels," Communications of the ACM, vol. 21, no. 4, April 1978.
6. L. von Ahn, M. Blum, N. Hopper, and J. Langford, "CAPTCHA: Using Hard AI Problems for Security," in Eurocrypt 2003., 2003.
7. A. Juels and J. Brainard, "Client Puzzles: A Cryptographic Defense Against Connection Depletion," in NDSS, 1999, pp. 151-165.
8. D. Dean and A. Stubblefield, "Using Client Puzzles to Protect TLS," in 10th Annual USENIX Security Symposium, 2001.
9. T. Aura, P. Nikander, and J. Leiwo, "DOS-Resistant Authentication with Client Puzzles," Lecture Notes in Computer Science, vol.2133, 2001.
10. J. Leiwo, T. Aura, and P. Nikander, "Towards Network Denial of Service Resistant Protocols," in SEC, 2000, pp. 301-310.
11. M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. Wallach, "Security for Peer-to-Peer Routing Overlays," in Proceedings of OSDI, December 2002.
12. M. Abadi, M. Burrows, M. Manasse, and T. Wobber, "Moderately Hard, Memory-bound Functions," 2003.
13. I. Clarke, O. Sandberg, B. Wiley, and T. Hong, "Freenet: A Distributed Anonymous Information Storage and Retrieval System," Lecture Notes in Computer Science, vol. 2009, pp. 46+, 2001.
14. X. Wang and M. Reiter, "Defending Against Denial-of-Service Attacks with Puzzle Auctions," in IEEE Symposium on Security and Privacy, 2003.
15. W. Feng, "The Case for TCP/IP Puzzles," in ACM SIGCOMM Workshop on Future Directions in Network Architecture (FDNA03). Karlsruhe, Germany, August 2003.
16. J. Saltzer, D. Reed, and D. Clark, "End-To-End Arguments in System Design," ACM Transactions on Computer Systems, vol. 2, no. 4, pp. 277-288, November 1984.
17. S. Crosby and D. Wallach, "Denial of Service via Algorithmic Complexity Attacks," in USENIX Security Symposium, August 2003.
18. V. Paxson, "An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks," Computer Communication Review, vol. 31. no. 3, July 2001.
19. W. Aiello, S. Bellovin, M. Blaze, J. Ioannidis, O. Reingold, R. Canetti, and A. Keromytis, "Efficient, DoS-resistant, Secure Key Exchange for Internet Protocols," in Conference on Computer and Communications Security, 2002.
20. D. Bernstein, "SYN Cookies," http://cr.yp.to/syncookies.html, 2003.
21. B. Warner, "EGD: The Entropy Gathering Daemon," http://egd.sourceforge.net, 2002.
22. W. Aiello, S. Rajagopalan, and R. Venkatesan, "Design of Practical and Provably Good Random Number Generators," in ACM-SIAM Symposium on Discrete Algorithms, January 1995.
23. D. Wagner, "Randomness for Crypto," http://www.cs.berkeley.edu/ ~daw/rnd/, 2003.
24. Intel, "Intel Random Number Generator (RNG)," http://developer.intel.com/design/security/rng/rngppr.htm, 2003.
25. T. Spalink, S. Karlin, L. Peterson, and Y. Gottlieb, "Building a Robust Network-Processor-Based Router," in Proceedings of ACM SOSP, October 2001.
26. T. Dierks and C. Allen, "The TLS Protocol Version 1.0," RFC 2246, January 1999.
27. K. Fu, E. Sit, K. Smith, and N. Feamster, "Dos and Don'ts of Client Authentication on the Web," in USENIX Security Symposium, August 2001.
28. R. L. Rivest, A. Shamir, and D. A. Wagner, "Time-lock Puzzles and Timed-release Crypto," MIT/LCS/TR-684, 1996.
29. netfilter/iptables developers, "netfilter/iptables Project," http://www.netfilter.org.
30. J. Postal, "Internet Control Message Protocol," RFC 792, September 1981.
31. D. Kaminsky, "Doxpara: Paketto Keiretsu (scanrand)," http://www.doxpara.com/read.php/code/paketto.html, 2002.
32. H. Burch and W. Cheswick, "Tracing Anonymous Packets to Their Approximate Source," in USENIX LISA, December 2000.
33. S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical Network Support for IP Traceback," in SIGCOMM, 2000, pp. 295-306.
34. A. Snoeren, C. Partridge, L. Sanchez, C. Jones, F. Tchakountio, S. Kent, and W. Strayer, "Hash-based IP Traceback," in SIGCOMM, August 2001.
35. D. Song and A. Perrig, "Advanced and Authenticated Marking Schemes for IP Traceback," in INFOCOM 2001, 2001, pp. 878-886.
36. ICMP Traceback Working Group, "ICMP Traceback (itrace)," http://www.ietf.org/html.charters/itrace-charter.html, 2002.
37. A. Yaar. A. Perrig, and D. Song, "Pi: A Path Identification Mechanism to Defend Against DDoS Attacks," in IEEE Symposium on Security and Privacy, May 2003.
38. R. Mahajan, S. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, "Controlling High Bandwidth Aggregates in the Network," Computer Communication Review, vol. 32, no. 3, July 2002.
39. H. Jamjoom and K. Shin, "Persistent Dropping: An Efficient Control of Traffic Aggregates," in SIGCOMM, August 2003.
40. A. Keromytis, V. Misra, and D. Rubenstein, "SOS: Secure Overlay Services," in SIGCOMM, August 2002.
41. D. Andersen, "Mayday: Distributed Filtering for Internet Services," in USITS, March 2003.
42. K. Lakshminarayanan, D. Adkins, A. Perrig, and I. Stoica, "Taming IP Packet Flooding Attacks," in Hot Topics in Networks (HotNets-II), 2003.
43. S. Ioannidis, A. Keromytis, S. Bellovin, and J. Smith, "Implementing a Distributed Firewall," in ACM Conference on Computer and Communications Security, 2000, pp. 190-199.
44. A. Back, "Hashcash: A Denial of Service Counter-Measure," Tech. Rep., Cypherspace, August 2002, http://cypherspace.org/hashcash/hashcash.pdf.
45. V. Gligor, "Guaranteeing Access in Spite of Service-Flooding Attacks," in Security Protocols Workshop, April 2003.
46. S. Deering and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification," RFC 2460, December 1998.
47. Van Jacobson, "Congestion Avoidance and Control," in Proceedings of ACM SIGCOMM, August 1988, pp. 314-329.
48. S. Floyd and V. Jacobson, "Random Early Detection Gateways for Congestion Avoidance," ACM/IEEE Transactions on Networking, vol. 1, no. 4, pp. 397-413, August 1993.
49. Intel, "Intel IXP2850 Network Processor," http://www.Intel.com/ design/network/products/npfamily/ixp2850.htm, 2003.
50. D. Lin and R. Morris, "Dynamics of Random Early Detection," in Proceedings of ACM SIGCOMM, September 1997.
51. W. Feng, D. Kandlur, D. Saha, and K. Shin, "Stochastic Fair Blue: A Queue Management Algorithm for Enforcing Fairness," in Proc. of INFOCOM, April 2001.
52. P. McKenney, "Stochastic Fairness Queueing," in Proceedings of IEEE INFOCOM, March 1990.
53. J.L. Rexford, A.G. Greenberg, and F.G. Bonomi, "Hardware-Efficient Fair Queueing Architecture for High-Speed Networks," in Proceedings of INFOCOM, March 1996.
54. M. Roesch, "Snort - Lightweight Intrusion Detection for Networks," in Proceedings of the 13th Systems Administration Conference (LISA '99), 1999.
55. V. Paxson, "Bro: A System for Detecting Network Intruders in Real-Time," in 10th Annual USENIX Security Symposium, January 1998.
56. DShield.org, "Distributed Intrusion Detection System," http://www.dshield.org, 2002.